TAC Recommended PAN-OS Release 9.0

Reply
Highlighted
L0 Member

TAC Recommended PAN-OS Release 9.0

Hi Guys,

 

We are running 8.1.6 on our PA Gateway and Panorama and would like to upgrade it to 9.x.x. I went through the Release Guidance and it says the preferred released version is 9.0.4

 

https://live.paloaltonetworks.com/t5/Customer-Resources/Support-PAN-OS-Software-Release-Guidance/ta-...

 

1. Is the version 9.0.4 is the generally recommended one?

2. According to the TAC best practice is to upgrade the panorama to a higher version than the gateway therefore what should be the gateway version and the panaroma version accordingly?

 

TIA

 

 

 

L2 Linker

Re: TAC Recommended PAN-OS Release 9.0

I have my PA-820 running 9.0.4 since it was release. Haven't had any issues, and it even resolved an issue I was having with LDAP group mappings.

Just another I.T. guy
L2 Linker

Re: TAC Recommended PAN-OS Release 9.0

Hi Shehan,

 

The link you provided actually answers your first question, 9.0.4 is the preferred OS for firewalls and Panorama.

As for having Panorama one version higher, my understanding is that Panorama must be at the same level or higher to manage the firewalls. The key being "at the same level". I know I try to keep Panorama up to the preferred version listed, but I cannot do the same with my firewalls, as it is a challenge to plan the changes that often.

The important thing is that you are safe running the same OS version on Panorama as you are on the firewalls.

 


Bruce.

Learn at least one new thing every day.
L7 Applicator

Re: TAC Recommended PAN-OS Release 9.0

Hello,

Check the release notes and make sure you're not affected by any of the known issues. I have 9.0.4 running on many different models and all is well.

 

Regards,

L7 Applicator

Re: TAC Recommended PAN-OS Release 9.0

Hi @shehan 

 

  1. 9.0.4 is the preferred release from the 9.0 major version. As far as I know not the generally recommended one*
  2. Gw and panorama can be on the same version but gw shouldn't be higher. (This at least is required when you open a TAC case. In practice it normally also works when gw is on a higher version than panorama - as long as they are on the same major version)

*This is only my personal recommendation and nothing official, but because of too many problems in the past I will always wait until x.x.8 or even x.x.9 version until I upgrade to a new majorversion.

L6 Presenter

Re: TAC Recommended PAN-OS Release 9.0


@vsys_remo wrote:

*This is only my personal recommendation and nothing official, but because of too many problems in the past I will always wait until x.x.8 or even x.x.9 version until I upgrade to a new majorversion.


Agreed.  I deployed a 5220 running 8.0.5...Thought it was a stable code, ended up crashing both the A/P box because a netflow bug.  The bug wasn't fixed until 8.0.8.

 

So for a major enterprise I'd wait until at least .7+ of a patch level on a new major release.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!